Sarahah app's uploading of contacts to servers could be a security risk, experts say | Inquirer Technology

Sarahah app’s uploading of contacts to servers could be a security risk, experts say

/ 07:56 PM August 31, 2017

Image: Google Play Store

Popular app Sarahah was discovered to be uploading user address books and contact numbers without clarifying why it is doing so.

The process was discovered by Bishop Fox senior security analyst Zachary Julian, according to a report by The Intercept.

Article continues after this advertisement

Apparently, the process of uploading contacts happens the first time Sarahah is loaded. It immediately scans the device it is installed on and starts transmitting information to its servers.

FEATURED STORIES

However, Sarahah creator Zain al-Abdin Tawfiq tweeted that the app did this due to a planned feature that never pushed through. He also assures that a future update will remove this functionality.

Image: Twitter/@ZainAlabdin878

The line of code instructing the app to do this was supposed to be removed by a partner working on the feature before development on it stopped. Good news is, the function was removed from the servers, which means that the information being transmitted by the app is not being saved, Tawfiq explained to The Intercept.

Article continues after this advertisement

Image: Twitter/@ZainAlabdin878

This function was supposed to be used for a “find your friends” feature.

Article continues after this advertisement

According to security firm Red Mesa founder Drew Porter, this kind of app function is more common than people think. The trouble is that since it happens too often, it’s become difficult to ensure the safety of the data being transmitted on the server side.

Article continues after this advertisement

Apple iOS and Android generally asks users if they want apps to access information on their devices, especially starting from Android 6.0 Marshmallow where security is more specific. This gives smartphone owners a level of control on their personal information.

The danger lies in attackers targeting servers with less-than-ideal security measures. From this perspective, personal information is now put at risk.

Article continues after this advertisement

Sarahah has been rated as being among the top five most downloaded app today, according to analytics firm App Annie.

Until a fix can be made available, Julian suggests that Sarahah should inform users what data is being gathered, where it is being sent, and what it is specifically being used for. Alfred Bayle/JB

RELATED STORIES:

Android 8.0 Oreo claims to be twice as fast as Android Nougat

Apple’s iOS 11 will feature Touch ID ‘quick disable’

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

‘The Invisible Man’ smartphone malware targets bank customers in major countries

TOPICS: personal information, Privacy
TAGS: personal information, Privacy

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.